msimerson
commented
7 years ago also look in /jails/haraka/var/log/haraka.log
Closed s571 closed 7 years ago
msimerson
commented
7 years ago also look in /jails/haraka/var/log/haraka.log
s571
commented
7 years ago loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded 8357 Public Suffixes Reloading file: /data/config/dhparams.pem Reloading file: /data/config/dhparams.pem Reloading file: /data/config/dhparams.pem Reloading file: /data/config/dhparams.pem Reloading file: /data/config/dhparams.pem Reloading file: /data/config/dhparams.pem loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded 8357 Public Suffixes
s571
commented
7 years ago Just ran provision base and then provision haraka. You might see errors but it seems to build fine.
:~ # sudo sh
loading mail-toaster.conf mysql enabled toaster host: host.redacted-domain.com email domain: redacted-domain.com IPv6 jail network: fd7a:e5cd:1fc1:a5da:dead:beef:cafe shell: /bin/csh safe name: stage
172.16.15.2 provision-base.sh 100% of 13 kB 1250 kBps 00m00s loading mail-toaster.conf mysql enabled toaster host: host.redacted-domain.com email domain: redacted-domain.com IPv6 jail network: fd7a:e5cd:1fc1:a5da:dead:beef:cafe shell: /bin/csh safe name: stage include/shell.sh 100% of 2869 B 9933 kBps 00m00s zroot/jails/base-11.0-RELEASE@p12 snapshot exists
172.16.15.9 provision-haraka.sh 100% of 16 kB 1291 kBps 00m00s loading mail-toaster.conf mysql enabled toaster host: host.redacted-domain.com email domain: redacted-domain.com IPv6 jail network: fd7a:e5cd:1fc1:a5da:dead:beef:cafe shell: /bin/csh safe name: stage zroot/jails/base-11.0-RELEASE@p12 snapshot exists
zroot/data/redis filesystem exists
stage cleanup
service jail stop stage Stopping jails:. jail -r stage
zroot/data/haraka filesystem exists
zroot/data/geoip filesystem exists
stage jail filesystem setup
zfs clone zroot/jails/base-11.0-RELEASE@p12 zroot/jails/stage sysrc -R /jails/stage hostname=haraka hostname: base -> haraka ip6.addr is already declared in haraka
zroot/data/haraka filesystem exists
zroot/data/haraka filesystem exists
mkdir -p /jails/stage/data mount_nullfs /data/haraka /jails/stage/data mount /jails/stage/usr/ports mount /jails/stage/var/cache/pkg
devfs BPF ruleset already present
stage jail haraka startup
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib 32-bit compatibility ldconfig path: /usr/lib32 Setting hostname: haraka. Starting syslogd. protect: procctl: Operation not permitted Clearing /tmp (X related). Starting cron.
Sun Oct 1 23:46:12 EDT 2017
zroot/data/geoip filesystem exists
mkdir -p /jails/stage/usr/local/share/GeoIP mount_nullfs /data/geoip /jails/stage/usr/local/share/GeoIP Updating FreeBSD repository catalogue... [haraka] Fetching meta.txz: 100% 944 B 0.9kB/s 00:01 [haraka] Fetching packagesite.txz: 100% 6 MiB 6.1MB/s 00:01 Processing entries: 100% FreeBSD repository update completed. 26965 packages processed. All repositories are up to date.
installing node & npm
pkg -j stage install -y node6 npm3 gmake Updating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) The following 10 package(s) will be affected (of 0 checked):
New packages to be INSTALLED: node6: 6.11.3_1 npm3: 3.10.10_2 gmake: 4.2.1_1 c-ares: 1.12.0_2 libuv: 1.14.1 icu: 59.1,1 python27: 2.7.14 readline: 7.0.3 libffi: 3.2.1_1 python2: 2_3
Number of packages to be installed: 10
Note that some standard Python modules are provided as separate ports as they require additional dependencies. They are available as:
bsddb databases/py-bsddb gdbm databases/py-gdbm sqlite3 databases/py-sqlite3 tkinter x11-toolkits/py-tkinter
=========================================================================== Message from node6-6.11.3_1: Note: If you need npm (Node Package Manager), please install the npm3 package, or build any of the www/npm* ports with the NODE6 option enabled.
installing Haraka
jexec stage pkg install -y git-lite Updating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) The following 5 package(s) will be affected (of 0 checked):
New packages to be INSTALLED: git-lite: 2.14.1 expat: 2.2.1 curl: 7.55.1 libnghttp2: 1.26.0 pcre: 8.40_1
Number of packages to be installed: 5
* GITWEB *** If you installed the GITWEB option please follow these instructions:
In the directory /usr/local/share/examples/git/gitweb you can find all files to make gitweb work as a public repository on the web.
All you have to do to make gitweb work is: 1) Copy the files /usr/local/share/examples/git/gitweb/ to a directory on your web server (e.g. Apache2) in which you are able to execute CGI-scripts. 2) In gitweb.cgi, adjust the variable $projectroot to point to your git repository (that is where you have your .git project directories). * GITWEB ***
jexec stage npm install --production -g haraka/Haraka ws express /usr/local/bin/haraka -> /usr/local/lib/node_modules/Haraka/bin/haraka /usr/local/bin/spf -> /usr/local/lib/node_modules/Haraka/bin/spf /usr/local/bin/haraka_grep -> /usr/local/lib/node_modules/Haraka/bin/haraka_grep /usr/local/bin/dkimverify -> /usr/local/lib/node_modules/Haraka/bin/dkimverify
dtrace-provider@0.8.5 install /usr/local/lib/node_modules/Haraka/node_modules/bunyan/node_modules/dtrace-provider node scripts/install.js
dtrace-provider@0.7.1 install /usr/local/lib/node_modules/Haraka/node_modules/dtrace-provider node scripts/install.js
modern-syslog@1.1.4 install /usr/local/lib/node_modules/Haraka/node_modules/modern-syslog node-gyp rebuild
gyp WARN EACCES user "root" does not have permission to access the dev dir "/root/.node-gyp/6.11.3" gyp WARN EACCES attempting to reinstall using temporary dev dir "/usr/local/lib/node_modules/Haraka/node_modules/modern-syslog/.node-gyp" gmake: Entering directory '/usr/local/lib/node_modules/Haraka/node_modules/modern-syslog/build' CXX(target) Release/obj.target/core/core.o SOLINK_MODULE(target) Release/obj.target/core.node COPY Release/core.node gmake: Leaving directory '/usr/local/lib/node_modules/Haraka/node_modules/modern-syslog/build'
iconv@2.3.0 install /usr/local/lib/node_modules/Haraka/node_modules/iconv node-gyp rebuild
gyp WARN EACCES user "root" does not have permission to access the dev dir "/root/.node-gyp/6.11.3"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/usr/local/lib/node_modules/Haraka/node_modules/iconv/.node-gyp"
gmake: Entering directory '/usr/local/lib/node_modules/Haraka/node_modules/iconv/build'
CXX(target) Release/obj.target/iconv/src/binding.o
CC(target) Release/obj.target/iconv/deps/libiconv/lib/iconv.o
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:212:
../deps/libiconv/lib/jisx0208.h:2380:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0100)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:213:
../deps/libiconv/lib/jisx0212.h:2160:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0460)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:216:
../deps/libiconv/lib/gb2312.h:2538:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0460)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:217:
In file included from ../deps/libiconv/lib/isoir165.h:80:
../deps/libiconv/lib/isoir165ext.h:759:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0200)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:220:
In file included from ../deps/libiconv/lib/cns11643.h:37:
../deps/libiconv/lib/cns11643_inv.h:15372:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0100)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:221:
../deps/libiconv/lib/big5.h:4123:12: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0100)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:223:
../deps/libiconv/lib/ksc5601.h:2987:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0460)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:239:
In file included from ../deps/libiconv/lib/gb18030.h:185:
../deps/libiconv/lib/gb18030uni.h:184:23: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (i >= 0 && i <= 39419) {
~ ^ ~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:239:
../deps/libiconv/lib/gb18030.h:248:25: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (i >= 0 && i < 0x100000) {
~ ^ ~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:245:
In file included from ../deps/libiconv/lib/cp950.h:129:
../deps/libiconv/lib/cp950ext.h:38:11: warning: equality comparison with extraneous parentheses [-Wparentheses-equality]
if ((c1 == 0xf9)) {
../deps/libiconv/lib/cp950ext.h:38:11: note: remove extraneous parentheses around the comparison to silence this warning
if ((c1 == 0xf9)) {
~ ^ ~
../deps/libiconv/lib/cp950ext.h:38:11: note: use '=' to turn this equality comparison into an assignment
if ((c1 == 0xf9)) {
^~
=
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:246:
In file included from ../deps/libiconv/lib/big5hkscs1999.h:45:
../deps/libiconv/lib/hkscs1999.h:2956:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x02d0)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:247:
In file included from ../deps/libiconv/lib/big5hkscs2001.h:47:
../deps/libiconv/lib/hkscs2001.h:62:11: warning: equality comparison with extraneous parentheses [-Wparentheses-equality]
if ((c1 == 0x8c)) {
~~~^~~~~~~
../deps/libiconv/lib/hkscs2001.h:62:11: note: remove extraneous parentheses around the comparison to silence this warning
if ((c1 == 0x8c)) {
~ ^ ~
../deps/libiconv/lib/hkscs2001.h:62:11: note: use '=' to turn this equality comparison into an assignment
if ((c1 == 0x8c)) {
^~
=
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:249:
In file included from ../deps/libiconv/lib/big5hkscs2008.h:47:
../deps/libiconv/lib/hkscs2008.h:58:11: warning: equality comparison with extraneous parentheses [-Wparentheses-equality]
if ((c1 == 0x87)) {
~~~^~~~~~~
../deps/libiconv/lib/hkscs2008.h:58:11: note: remove extraneous parentheses around the comparison to silence this warning
if ((c1 == 0x87)) {
~ ^ ~
../deps/libiconv/lib/hkscs2008.h:58:11: note: use '=' to turn this equality comparison into an assignment
if ((c1 == 0x87)) {
^~
=
In file included from ../deps/libiconv/lib/iconv.c:154:
lib/aliases.gperf:288:28: warning: static variable 'aliases' is used in an inline function with external linkage
[-Wstatic-in-inline]
register int o = aliases[key].name;
^
lib/aliases.gperf:274:1: note: use 'static' to give inline function 'aliases_lookup' internal linkage
__inline
^
static
lib/aliases.gperf:781:27: note: 'aliases' declared here
static const struct alias aliases[] =
^
lib/aliases.gperf:291:44: warning: static variable 'stringpool_contents' is used in an inline function with external linkage
[-Wstatic-in-inline]
register const char *s = o + stringpool;
^
lib/aliases.gperf:779:37: note: expanded from macro 'stringpool'
#define stringpool ((const char *) &stringpool_contents)
^
lib/aliases.gperf:274:1: note: use 'static' to give inline function 'aliases_lookup' internal linkage
__inline
^
static
lib/aliases.gperf:427:34: note: 'stringpool_contents' declared here
static const struct stringpool_t stringpool_contents =
^
lib/aliases.gperf:294:25: warning: static variable 'aliases' is used in an inline function with external linkage
[-Wstatic-in-inline]
return &aliases[key];
^
lib/aliases.gperf:274:1: note: use 'static' to give inline function 'aliases_lookup' internal linkage
__inline
^
static
lib/aliases.gperf:781:27: note: 'aliases' declared here
static const struct alias aliases[] =
^
16 warnings generated.
CC(target) Release/obj.target/iconv/support/localcharset.o
SOLINK_MODULE(target) Release/obj.target/iconv.node
COPY Release/iconv.node
gmake: Leaving directory '/usr/local/lib/node_modules/Haraka/node_modules/iconv/build'
/usr/local/lib
+-- express@4.16.1
| +-- accepts@1.3.4
| | +-- mime-types@2.1.17
| | | `-- mime-db@1.30.0
| | `-- negotiator@0.6.1
| +-- array-flatten@1.1.1
| +-- body-parser@1.18.2
| | +-- bytes@3.0.0
| | +-- http-errors@1.6.2
| | | +-- inherits@2.0.3
| | | `-- setprototypeof@1.0.3
| | +-- iconv-lite@0.4.19
| | `-- raw-body@2.3.2
| +-- content-disposition@0.5.2
| +-- content-type@1.0.4
| +-- cookie@0.3.1
| +-- cookie-signature@1.0.6
| +-- debug@2.6.9
| | `-- ms@2.0.0
| +-- depd@1.1.1
| +-- encodeurl@1.0.1
| +-- escape-html@1.0.3
| +-- etag@1.8.1
| +-- finalhandler@1.1.0
| | `-- unpipe@1.0.0
| +-- fresh@0.5.2
| +-- merge-descriptors@1.0.1
| +-- methods@1.1.2
| +-- on-finished@2.3.0
| | `-- ee-first@1.1.1
| +-- parseurl@1.3.2
| +-- path-to-regexp@0.1.7
| +-- proxy-addr@2.0.2
| | +-- forwarded@0.1.2
| | `-- ipaddr.js@1.5.2
| +-- qs@6.5.1
| +-- range-parser@1.2.0
| +-- safe-buffer@5.1.1
| +-- send@0.16.1
| | +-- destroy@1.0.4
| | `-- mime@1.4.1
| +-- serve-static@1.13.1
| +-- setprototypeof@1.1.0
| +-- statuses@1.3.1
| +-- type-is@1.6.15
| | `-- media-typer@0.3.0
| +-- utils-merge@1.0.1
| `-- vary@1.1.2
`-- Haraka@2.8.16 (git://github.com/haraka/Haraka.git#0c8ae994127b9cd68e2dad1370634c69f2cccc57)
+-- address-rfc2821@1.1.2
| `-- punycode@2.1.0
+-- address-rfc2822@2.0.1
| `-- email-addresses@3.0.1
+-- async@2.5.0
| `-- lodash@4.17.4
+-- daemon@1.1.0
+-- generic-pool@2.5.4
+-- haraka-config@1.0.15
| `-- js-yaml@3.10.0
| +-- argparse@1.0.9
| | `-- sprintf-js@1.0.3
| `-- esprima@4.0.0
+-- haraka-constants@1.0.5
+-- haraka-dsn@1.0.2
+-- haraka-net-utils@1.0.10
| +-- openssl-wrapper@0.3.4
| `-- vs-stun@0.0.7
+-- haraka-notes@1.0.2
+-- haraka-plugin-access@1.0.0
+-- haraka-plugin-asn@1.0.7
| `-- maxmind@0.6.0
+-- haraka-plugin-dcc@1.0.1
+-- haraka-plugin-elasticsearch@1.0.3
| `-- elasticsearch@13.3.1
| +-- agentkeepalive@2.2.0
| +-- chalk@1.1.3
| | +-- ansi-styles@2.2.1
| | +-- escape-string-regexp@1.0.5
| | +-- has-ansi@2.0.0
| | | `-- ansi-regex@2.1.1
| | +-- strip-ansi@3.0.1
| | `-- supports-color@2.0.0
| +-- lodash@2.4.2
| +-- lodash.get@4.4.2
| +-- lodash.isempty@4.4.0
| `-- lodash.trimend@4.5.1
+-- haraka-plugin-fcrdns@1.0.2
+-- haraka-plugin-geoip@1.0.5
| `-- maxmind@2.2.0
| +-- big-integer@1.6.25
| `-- lru-cache@4.1.1
| +-- pseudomap@1.0.2
| `-- yallist@2.1.2
+-- haraka-plugin-karma@1.0.10
+-- haraka-plugin-limit@1.0.4
+-- haraka-plugin-p0f@1.0.2
+-- haraka-plugin-qmail-deliverable@1.0.3
+-- haraka-plugin-recipient-routes@1.0.1
| `-- url@0.11.0
| +-- punycode@1.3.2
| `-- querystring@0.2.0
+-- haraka-plugin-redis@1.0.7
+-- haraka-plugin-rspamd@1.0.0
+-- haraka-plugin-syslog@1.0.3
| `-- modern-syslog@1.1.4
+-- haraka-plugin-watch@1.0.12
| `-- ws@3.2.0
| +-- async-limiter@1.0.0
| +-- safe-buffer@5.1.1
| `-- ultron@1.1.0
+-- haraka-results@2.0.2
+-- haraka-tld@1.0.17
+-- haraka-utils@1.0.1
+-- iconv@2.3.0
| `-- nan@2.7.0
+-- ipaddr.js@1.5.2
+-- ldapjs@1.0.1
| +-- asn1@0.2.3
| +-- assert-plus@1.0.0
| +-- backoff@2.5.0
| | `-- precond@0.2.3
| +-- bunyan@1.8.12
| | +-- dtrace-provider@0.8.5
| | +-- moment@2.18.1
| | +-- mv@2.1.1
| | | +-- ncp@2.0.0
| | | `-- rimraf@2.4.5
| | | `-- glob@6.0.4
| | | +-- inflight@1.0.6
| | | +-- minimatch@3.0.4
| | | | `-- brace-expansion@1.1.8
| | | | +-- balanced-match@1.0.0
| | | | `-- concat-map@0.0.1
| | | `-- path-is-absolute@1.0.1
| | `-- safe-json-stringify@1.0.4
| +-- dashdash@1.14.1
| +-- dtrace-provider@0.7.1
| +-- ldap-filter@0.2.2
| | `-- assert-plus@0.1.5
| +-- once@1.4.0
| | `-- wrappy@1.0.2
| +-- vasync@1.6.4
| | `-- verror@1.6.0
| `-- verror@1.10.0
| +-- core-util-is@1.0.2
| `-- extsprintf@1.2.0
+-- mkdirp@0.5.1
| `-- minimist@0.0.8
+-- nopt@4.0.1
| +-- abbrev@1.1.1
| `-- osenv@0.1.4
| `-- os-homedir@1.0.2
+-- npid@0.4.0
+-- ocsp@1.2.0
| +-- asn1.js@4.9.1
| | +-- bn.js@4.11.8
| | +-- inherits@2.0.3
| | `-- minimalistic-assert@1.0.0
| +-- asn1.js-rfc2560@4.0.5
| +-- asn1.js-rfc5280@2.0.0
| +-- async@1.5.2
| `-- simple-lru-cache@0.0.2
+-- redis@2.8.0
| +-- double-ended-queue@2.1.0-0
| +-- redis-commands@1.3.1
| `-- redis-parser@2.6.0
+-- semver@5.4.1
+-- sprintf-js@1.1.1
`-- tmp@0.0.33
`-- os-tmpdir@1.0.2
jexec stage bash -c cd /data && npm install --production haraka-plugin-log-reader haraka-plugin-known-senders haraka-plugin-aliases
haraka_local@0.0.1 /data
+-- haraka-plugin-aliases@1.0.0
+-- haraka-plugin-known-senders@1.0.3
`-- haraka-plugin-log-reader@1.0.9
npm WARN haraka_local@0.0.1 No repository field.
*** installing Haraka, stage 2 ***
jexec stage haraka -i /data
warning: Unable to create file: /data/README already exists
warning: Unable to create file: /data/package.json already exists
warning: Unable to create file: /data/config/internalcmd_key already exists
warning: EEXIST, File exists '/data/config/smtp.ini'
warning: EEXIST, File exists '/data/config/log.ini'
warning: EEXIST, File exists '/data/config/plugins'
warning: EEXIST, File exists '/data/config/dkim/dkim_key_gen.sh'
*** configuring Haraka ***
*** adding limit plugin ***
[log]
file=/var/log/maillog
mail.info /var/log/maillog
#*.* @syslog
*** enabling qmail-deliverable plugin ***
*** install p0f ***
pkg -j stage install -y p0f
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
p0f: 3.09b
Number of packages to be installed: 1
[haraka] [1/1] Installing p0f-3.09b...
[haraka] [1/1] Extracting p0f-3.09b: 100%
*** installing p0f startup file ***
sysrc -R /jails/stage p0f_enable=YES
p0f_enable: -> YES
jexec stage service p0f start
Starting p0f.
--- p0f 3.09b by Michal Zalewski <lcamtuf@coredump.cx> ---
[!] Consider specifying -u in daemon mode (see README).
[+] Loaded 322 signatures from '/usr/local/etc/p0f.fp'.
[+] Intercepting traffic on interface 'em0'.
[+] Custom filtering rule enabled: dst port 25 or dst port 587 or dst port 465 [+VLAN]
[+] Listening on API socket '/tmp/.p0f_socket' (max 20 clients).
[+] Daemon process created, PID 15141 (stderr not kept).
**Good luck, you're on your own now!**
*** enable Haraka p0f plugin ***
*** enabling Haraka spamassassin plugin ***
*** zroot/data/clamav filesystem exists ***
*** zroot/data/avg filesystem exists ***
*** configuring Haraka avg plugin ***
*** rejecting brutefore AUTH signature ***
ylmf\-pc
*** configuring haraka.log rotation ***
sysrc -R /jails/stage newsyslog_enable=YES
newsyslog_enable: NO -> YES
/var/log/haraka.log 644 7 * @T00 JC
*** configuring DCC ***
[dccifd]
host=172.16.15.48
port=1025
*** zroot/data/geoip filesystem exists ***
*** enabling Haraka geoip plugin ***
*** starting haraka ***
sysrc -R /jails/stage haraka_enable=YES
haraka_enable: -> YES
haraka_flags: -> -c /data
jexec stage service haraka start
loaded TLD files: 1=1544 2=6156 3=2246
loaded 8357 Public Suffixes
*** testing Haraka ***
checking for port 25 listener in staged jail
checking port 25
checking port 25
Success! Port 25 is listening in staging jail
*** promoting jail haraka ***
service jail stop stage
Stopping jails: stage.
jail -r stage
stage: removed
nameserver 172.16.15.3
umount /jails/stage/dev
unmount /jails/stage/usr/ports
unmount /jails/stage/var/cache/pkg
*** zroot/data/haraka filesystem exists ***
/data/haraka on /jails/stage/data (nullfs, local)
unmount data fs /jails/stage/data
*** zroot/data/geoip filesystem exists ***
/data/geoip on /jails/stage/usr/local/share/GeoIP (nullfs, local)
unmount data fs /jails/stage/usr/local/share/GeoIP
zfs rename zroot/jails/stage zroot/jails/haraka.ready
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (0)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (1)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (2)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (3)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (4)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (5)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (6)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (7)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (8)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (9)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (10)
cannot unmount '/jails/stage': Device busy
trying to force rename
waiting for ZFS filesystem to quiet (11)
service jail stop haraka
Stopping jails: haraka.
jail -r haraka
*** zroot/data/haraka filesystem exists ***
*** zroot/jails/haraka.last filesystem exists ***
zfs destroy zroot/jails/haraka.last
*** zroot/jails/haraka filesystem exists ***
zfs rename zroot/jails/haraka zroot/jails/haraka.last
cannot unmount '/jails/haraka': Device busy
waiting for ZFS filesystem to quiet (0)
cannot unmount '/jails/haraka': Device busy
waiting for ZFS filesystem to quiet (1)
cannot unmount '/jails/haraka': Device busy
waiting for ZFS filesystem to quiet (2)
cannot unmount '/jails/haraka': Device busy
waiting for ZFS filesystem to quiet (3)
cannot unmount '/jails/haraka': Device busy
waiting for ZFS filesystem to quiet (4)
cannot unmount '/jails/haraka': Device busy
waiting for ZFS filesystem to quiet (5)
cannot unmount '/jails/haraka': Device busy
trying to force rename (6)
waiting for ZFS filesystem to quiet (6)
zfs rename zroot/jails/haraka.ready zroot/jails/haraka
*** haraka already in /etc/jail.conf ***
*** service jail start haraka ***
Starting jails: haraka.
Success! A new 'haraka' jail is provisioned
#Earlier today, both MT6 servers ran out of swap space. Not sure which application is causing this. The only fix was to increase memory to 8GB. Even with the increase in memory, haraka will not start.
msimerson
commented
7 years ago My guess is something in your config. Remove your local config (rename /data/haraka) and reprovision. If that fixes it, introduce your localizations to the new /data/haraka until you find out which one is causing your problem.
s571
commented
7 years ago New MT6 server, last message in /var/log/messages: Oct 1 14:03:40 mxbt1 kernel: swap_pager_getswapspace(2): failed
Currently top shows:
Swap: 2048M Total, 1441M Used, 607M Free, 70% Inuse
Old MT6
JID IP Address Hostname Path 1 172.16.15.3 dns /jails/dns 2 172.16.15.4 mysql /jails/mysql 3 172.16.15.8 vpopmail /jails/vpopmail 4 172.16.15.15 dovecot /jails/dovecot 5 172.16.15.10 webmail /jails/webmail 6 172.16.15.12 haproxy /jails/haproxy 7 172.16.15.5 clamav /jails/clamav 8 172.16.15.14 avg /jails/avg 9 172.16.15.16 redis /jails/redis 10 172.16.15.13 rspamd /jails/rspamd 11 172.16.15.17 geoip /jails/geoip 12 172.16.15.6 spamassassin /jails/spamassassin 14 172.16.15.33 roundcube /jails/roundcube 15 172.16.15.11 monitor /jails/monitor 16 172.16.15.48 dcc /jails/dcc 18 172.16.15.9 haraka /jails/haraka
loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded 8357 Public Suffixes
root 16163 0.0 0.0 14796 2368 0 S+ 00:08 0:00.00 grep haraka
Just read your message above. Ok I will mv /data/haraka /data/haraka-old if it will let me.
s571
commented
7 years ago mv haraka haraka-old mv: cannot rename a mount point
s571
commented
7 years ago ok.
That seemed to kill everything in /data/haraka !! I have a backup copy though.
s571
commented
7 years ago Doesn't build complete....
loading mail-toaster.conf mysql enabled toaster host: host.redacted-domain.com email domain: redacted-domain.com IPv6 jail network: fd7a:e5cd:1fc1:21b3:dead:beef:cafe shell: /bin/csh safe name: stage
172.16.15.2 provision-base.sh 100% of 13 kB 18 MBps 00m00s loading mail-toaster.conf mysql enabled toaster host: host.redacted-domain.com email domain: redacted-domain.com IPv6 jail network: fd7a:e5cd:1fc1:21b3:dead:beef:cafe shell: /bin/csh safe name: stage include/shell.sh 100% of 2869 B 17 MBps 00m00s zroot/jails/base-11.0-RELEASE@p12 snapshot exists
172.16.15.9 provision-haraka.sh 100% of 16 kB 1315 kBps 00m00s loading mail-toaster.conf mysql enabled toaster host: mxbt1.barontel.com email domain: barontel.com IPv6 jail network: fd7a:e5cd:1fc1:21b3:dead:beef:cafe shell: /bin/csh safe name: stage zroot/jails/base-11.0-RELEASE@p12 snapshot exists
zroot/data/redis filesystem exists
stage cleanup
service jail stop stage Stopping jails:. jail -r stage
zroot/data/haraka filesystem exists
zroot/data/geoip filesystem exists
zroot/jails/stage filesystem exists
zfs destroy -f zroot/jails/stage
stage jail filesystem setup
zfs clone zroot/jails/base-11.0-RELEASE@p12 zroot/jails/stage sysrc -R /jails/stage hostname=haraka hostname: base -> haraka ip6.addr is already declared in haraka
zroot/data/haraka filesystem exists
zroot/data/haraka filesystem exists
mkdir -p /jails/stage/data mount_nullfs /data/haraka /jails/stage/data mount /jails/stage/usr/ports mount /jails/stage/var/cache/pkg
devfs BPF ruleset already present
stage jail haraka startup
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib 32-bit compatibility ldconfig path: /usr/lib32 Setting hostname: haraka. Starting syslogd. protect: procctl: Operation not permitted Clearing /tmp (X related). Starting cron.
Mon Oct 2 00:16:50 EDT 2017
zroot/data/geoip filesystem exists
mkdir -p /jails/stage/usr/local/share/GeoIP mount_nullfs /data/geoip /jails/stage/usr/local/share/GeoIP Updating FreeBSD repository catalogue... [haraka] Fetching meta.txz: 100% 944 B 0.9kB/s 00:01 [haraka] Fetching packagesite.txz: 100% 6 MiB 3.1MB/s 00:02 Processing entries: 100% FreeBSD repository update completed. 26965 packages processed. All repositories are up to date.
installing node & npm
pkg -j stage install -y node6 npm3 gmake Updating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) The following 10 package(s) will be affected (of 0 checked):
New packages to be INSTALLED: node6: 6.11.3_1 npm3: 3.10.10_2 gmake: 4.2.1_1 c-ares: 1.12.0_2 libuv: 1.14.1 icu: 59.1,1 python27: 2.7.14 readline: 7.0.3 libffi: 3.2.1_1 python2: 2_3
Number of packages to be installed: 10
Note that some standard Python modules are provided as separate ports as they require additional dependencies. They are available as:
bsddb databases/py-bsddb gdbm databases/py-gdbm sqlite3 databases/py-sqlite3 tkinter x11-toolkits/py-tkinter
=========================================================================== Message from node6-6.11.3_1: Note: If you need npm (Node Package Manager), please install the npm3 package, or build any of the www/npm* ports with the NODE6 option enabled.
installing Haraka
jexec stage pkg install -y git-lite Updating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. Checking integrity... done (0 conflicting) The following 5 package(s) will be affected (of 0 checked):
New packages to be INSTALLED: git-lite: 2.14.1 expat: 2.2.1 curl: 7.55.1 libnghttp2: 1.26.0 pcre: 8.40_1
Number of packages to be installed: 5
* GITWEB *** If you installed the GITWEB option please follow these instructions:
In the directory /usr/local/share/examples/git/gitweb you can find all files to make gitweb work as a public repository on the web.
All you have to do to make gitweb work is: 1) Copy the files /usr/local/share/examples/git/gitweb/ to a directory on your web server (e.g. Apache2) in which you are able to execute CGI-scripts. 2) In gitweb.cgi, adjust the variable $projectroot to point to your git repository (that is where you have your .git project directories). * GITWEB ***
jexec stage npm install --production -g haraka/Haraka ws express /usr/local/bin/haraka -> /usr/local/lib/node_modules/Haraka/bin/haraka /usr/local/bin/spf -> /usr/local/lib/node_modules/Haraka/bin/spf /usr/local/bin/haraka_grep -> /usr/local/lib/node_modules/Haraka/bin/haraka_grep /usr/local/bin/dkimverify -> /usr/local/lib/node_modules/Haraka/bin/dkimverify
dtrace-provider@0.8.5 install /usr/local/lib/node_modules/Haraka/node_modules/bunyan/node_modules/dtrace-provider node scripts/install.js
dtrace-provider@0.7.1 install /usr/local/lib/node_modules/Haraka/node_modules/dtrace-provider node scripts/install.js
modern-syslog@1.1.4 install /usr/local/lib/node_modules/Haraka/node_modules/modern-syslog node-gyp rebuild
gyp WARN EACCES user "root" does not have permission to access the dev dir "/root/.node-gyp/6.11.3" gyp WARN EACCES attempting to reinstall using temporary dev dir "/usr/local/lib/node_modules/Haraka/node_modules/modern-syslog/.node-gyp" gmake: Entering directory '/usr/local/lib/node_modules/Haraka/node_modules/modern-syslog/build' CXX(target) Release/obj.target/core/core.o SOLINK_MODULE(target) Release/obj.target/core.node COPY Release/core.node gmake: Leaving directory '/usr/local/lib/node_modules/Haraka/node_modules/modern-syslog/build'
iconv@2.3.0 install /usr/local/lib/node_modules/Haraka/node_modules/iconv node-gyp rebuild
gyp WARN EACCES user "root" does not have permission to access the dev dir "/root/.node-gyp/6.11.3"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/usr/local/lib/node_modules/Haraka/node_modules/iconv/.node-gyp"
gmake: Entering directory '/usr/local/lib/node_modules/Haraka/node_modules/iconv/build'
CXX(target) Release/obj.target/iconv/src/binding.o
CC(target) Release/obj.target/iconv/deps/libiconv/lib/iconv.o
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:212:
../deps/libiconv/lib/jisx0208.h:2380:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0100)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:213:
../deps/libiconv/lib/jisx0212.h:2160:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0460)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:216:
../deps/libiconv/lib/gb2312.h:2538:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0460)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:217:
In file included from ../deps/libiconv/lib/isoir165.h:80:
../deps/libiconv/lib/isoir165ext.h:759:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0200)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:220:
In file included from ../deps/libiconv/lib/cns11643.h:37:
../deps/libiconv/lib/cns11643_inv.h:15372:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0100)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:221:
../deps/libiconv/lib/big5.h:4123:12: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0100)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:223:
../deps/libiconv/lib/ksc5601.h:2987:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0460)
~~ ^ ~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:239:
In file included from ../deps/libiconv/lib/gb18030.h:185:
../deps/libiconv/lib/gb18030uni.h:184:23: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (i >= 0 && i <= 39419) {
~ ^ ~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:239:
../deps/libiconv/lib/gb18030.h:248:25: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (i >= 0 && i < 0x100000) {
~ ^ ~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:245:
In file included from ../deps/libiconv/lib/cp950.h:129:
../deps/libiconv/lib/cp950ext.h:38:11: warning: equality comparison with extraneous parentheses [-Wparentheses-equality]
if ((c1 == 0xf9)) {
../deps/libiconv/lib/cp950ext.h:38:11: note: remove extraneous parentheses around the comparison to silence this warning
if ((c1 == 0xf9)) {
~ ^ ~
../deps/libiconv/lib/cp950ext.h:38:11: note: use '=' to turn this equality comparison into an assignment
if ((c1 == 0xf9)) {
^~
=
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:246:
In file included from ../deps/libiconv/lib/big5hkscs1999.h:45:
../deps/libiconv/lib/hkscs1999.h:2956:12: warning: comparison of unsigned expression >= 0 is always true
[-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x02d0)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:247:
In file included from ../deps/libiconv/lib/big5hkscs2001.h:47:
../deps/libiconv/lib/hkscs2001.h:62:11: warning: equality comparison with extraneous parentheses [-Wparentheses-equality]
if ((c1 == 0x8c)) {
~~~^~~~~~~
../deps/libiconv/lib/hkscs2001.h:62:11: note: remove extraneous parentheses around the comparison to silence this warning
if ((c1 == 0x8c)) {
~ ^ ~
../deps/libiconv/lib/hkscs2001.h:62:11: note: use '=' to turn this equality comparison into an assignment
if ((c1 == 0x8c)) {
^~
=
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:249:
In file included from ../deps/libiconv/lib/big5hkscs2008.h:47:
../deps/libiconv/lib/hkscs2008.h:58:11: warning: equality comparison with extraneous parentheses [-Wparentheses-equality]
if ((c1 == 0x87)) {
~~~^~~~~~~
../deps/libiconv/lib/hkscs2008.h:58:11: note: remove extraneous parentheses around the comparison to silence this warning
if ((c1 == 0x87)) {
~ ^ ~
../deps/libiconv/lib/hkscs2008.h:58:11: note: use '=' to turn this equality comparison into an assignment
if ((c1 == 0x87)) {
^~
=
In file included from ../deps/libiconv/lib/iconv.c:154:
lib/aliases.gperf:288:28: warning: static variable 'aliases' is used in an inline function with external linkage
[-Wstatic-in-inline]
register int o = aliases[key].name;
^
lib/aliases.gperf:274:1: note: use 'static' to give inline function 'aliases_lookup' internal linkage
__inline
^
static
lib/aliases.gperf:781:27: note: 'aliases' declared here
static const struct alias aliases[] =
^
lib/aliases.gperf:291:44: warning: static variable 'stringpool_contents' is used in an inline function with external linkage
[-Wstatic-in-inline]
register const char *s = o + stringpool;
^
lib/aliases.gperf:779:37: note: expanded from macro 'stringpool'
#define stringpool ((const char *) &stringpool_contents)
^
lib/aliases.gperf:274:1: note: use 'static' to give inline function 'aliases_lookup' internal linkage
__inline
^
static
lib/aliases.gperf:427:34: note: 'stringpool_contents' declared here
static const struct stringpool_t stringpool_contents =
^
lib/aliases.gperf:294:25: warning: static variable 'aliases' is used in an inline function with external linkage
[-Wstatic-in-inline]
return &aliases[key];
^
lib/aliases.gperf:274:1: note: use 'static' to give inline function 'aliases_lookup' internal linkage
__inline
^
static
lib/aliases.gperf:781:27: note: 'aliases' declared here
static const struct alias aliases[] =
^
16 warnings generated.
CC(target) Release/obj.target/iconv/support/localcharset.o
SOLINK_MODULE(target) Release/obj.target/iconv.node
COPY Release/iconv.node
gmake: Leaving directory '/usr/local/lib/node_modules/Haraka/node_modules/iconv/build'
/usr/local/lib
+-- express@4.16.1
| +-- accepts@1.3.4
| | +-- mime-types@2.1.17
| | | `-- mime-db@1.30.0
| | `-- negotiator@0.6.1
| +-- array-flatten@1.1.1
| +-- body-parser@1.18.2
| | +-- bytes@3.0.0
| | +-- http-errors@1.6.2
| | | +-- inherits@2.0.3
| | | `-- setprototypeof@1.0.3
| | +-- iconv-lite@0.4.19
| | `-- raw-body@2.3.2
| +-- content-disposition@0.5.2
| +-- content-type@1.0.4
| +-- cookie@0.3.1
| +-- cookie-signature@1.0.6
| +-- debug@2.6.9
| | `-- ms@2.0.0
| +-- depd@1.1.1
| +-- encodeurl@1.0.1
| +-- escape-html@1.0.3
| +-- etag@1.8.1
| +-- finalhandler@1.1.0
| | `-- unpipe@1.0.0
| +-- fresh@0.5.2
| +-- merge-descriptors@1.0.1
| +-- methods@1.1.2
| +-- on-finished@2.3.0
| | `-- ee-first@1.1.1
| +-- parseurl@1.3.2
| +-- path-to-regexp@0.1.7
| +-- proxy-addr@2.0.2
| | +-- forwarded@0.1.2
| | `-- ipaddr.js@1.5.2
| +-- qs@6.5.1
| +-- range-parser@1.2.0
| +-- safe-buffer@5.1.1
| +-- send@0.16.1
| | +-- destroy@1.0.4
| | `-- mime@1.4.1
| +-- serve-static@1.13.1
| +-- setprototypeof@1.1.0
| +-- statuses@1.3.1
| +-- type-is@1.6.15
| | `-- media-typer@0.3.0
| +-- utils-merge@1.0.1
| `-- vary@1.1.2
`-- Haraka@2.8.16 (git://github.com/haraka/Haraka.git#0c8ae994127b9cd68e2dad1370634c69f2cccc57)
+-- address-rfc2821@1.1.2
| `-- punycode@2.1.0
+-- address-rfc2822@2.0.1
| `-- email-addresses@3.0.1
+-- async@2.5.0
| `-- lodash@4.17.4
+-- daemon@1.1.0
+-- generic-pool@2.5.4
+-- haraka-config@1.0.15
| `-- js-yaml@3.10.0
| +-- argparse@1.0.9
| | `-- sprintf-js@1.0.3
| `-- esprima@4.0.0
+-- haraka-constants@1.0.5
+-- haraka-dsn@1.0.2
+-- haraka-net-utils@1.0.10
| +-- openssl-wrapper@0.3.4
| `-- vs-stun@0.0.7
+-- haraka-notes@1.0.2
+-- haraka-plugin-access@1.0.0
+-- haraka-plugin-asn@1.0.7
| `-- maxmind@0.6.0
+-- haraka-plugin-dcc@1.0.1
+-- haraka-plugin-elasticsearch@1.0.3
| `-- elasticsearch@13.3.1
| +-- agentkeepalive@2.2.0
| +-- chalk@1.1.3
| | +-- ansi-styles@2.2.1
| | +-- escape-string-regexp@1.0.5
| | +-- has-ansi@2.0.0
| | | `-- ansi-regex@2.1.1
| | +-- strip-ansi@3.0.1
| | `-- supports-color@2.0.0
| +-- lodash@2.4.2
| +-- lodash.get@4.4.2
| +-- lodash.isempty@4.4.0
| `-- lodash.trimend@4.5.1
+-- haraka-plugin-fcrdns@1.0.2
+-- haraka-plugin-geoip@1.0.5
| `-- maxmind@2.2.0
| +-- big-integer@1.6.25
| `-- lru-cache@4.1.1
| +-- pseudomap@1.0.2
| `-- yallist@2.1.2
+-- haraka-plugin-karma@1.0.10
+-- haraka-plugin-limit@1.0.4
+-- haraka-plugin-p0f@1.0.2
+-- haraka-plugin-qmail-deliverable@1.0.3
+-- haraka-plugin-recipient-routes@1.0.1
| `-- url@0.11.0
| +-- punycode@1.3.2
| `-- querystring@0.2.0
+-- haraka-plugin-redis@1.0.7
+-- haraka-plugin-rspamd@1.0.0
+-- haraka-plugin-syslog@1.0.3
| `-- modern-syslog@1.1.4
+-- haraka-plugin-watch@1.0.12
| `-- ws@3.2.0
| +-- async-limiter@1.0.0
| +-- safe-buffer@5.1.1
| `-- ultron@1.1.0
+-- haraka-results@2.0.2
+-- haraka-tld@1.0.17
+-- haraka-utils@1.0.1
+-- iconv@2.3.0
| `-- nan@2.7.0
+-- ipaddr.js@1.5.2
+-- ldapjs@1.0.1
| +-- asn1@0.2.3
| +-- assert-plus@1.0.0
| +-- backoff@2.5.0
| | `-- precond@0.2.3
| +-- bunyan@1.8.12
| | +-- dtrace-provider@0.8.5
| | +-- moment@2.18.1
| | +-- mv@2.1.1
| | | +-- ncp@2.0.0
| | | `-- rimraf@2.4.5
| | | `-- glob@6.0.4
| | | +-- inflight@1.0.6
| | | +-- minimatch@3.0.4
| | | | `-- brace-expansion@1.1.8
| | | | +-- balanced-match@1.0.0
| | | | `-- concat-map@0.0.1
| | | `-- path-is-absolute@1.0.1
| | `-- safe-json-stringify@1.0.4
| +-- dashdash@1.14.1
| +-- dtrace-provider@0.7.1
| +-- ldap-filter@0.2.2
| | `-- assert-plus@0.1.5
| +-- once@1.4.0
| | `-- wrappy@1.0.2
| +-- vasync@1.6.4
| | `-- verror@1.6.0
| `-- verror@1.10.0
| +-- core-util-is@1.0.2
| `-- extsprintf@1.2.0
+-- mkdirp@0.5.1
| `-- minimist@0.0.8
+-- nopt@4.0.1
| +-- abbrev@1.1.1
| `-- osenv@0.1.4
| `-- os-homedir@1.0.2
+-- npid@0.4.0
+-- ocsp@1.2.0
| +-- asn1.js@4.9.1
| | +-- bn.js@4.11.8
| | +-- inherits@2.0.3
| | `-- minimalistic-assert@1.0.0
| +-- asn1.js-rfc2560@4.0.5
| +-- asn1.js-rfc5280@2.0.0
| +-- async@1.5.2
| `-- simple-lru-cache@0.0.2
+-- redis@2.8.0
| +-- double-ended-queue@2.1.0-0
| +-- redis-commands@1.3.1
| `-- redis-parser@2.6.0
+-- semver@5.4.1
+-- sprintf-js@1.1.1
`-- tmp@0.0.33
`-- os-tmpdir@1.0.2
jexec stage bash -c cd /data && npm install --production haraka-plugin-log-reader haraka-plugin-known-senders haraka-plugin-aliases
/data
+-- haraka-plugin-aliases@1.0.0
| `-- address-rfc2821@1.1.2
+-- haraka-plugin-known-senders@1.0.3
| +-- haraka-plugin-redis@1.0.7
| | `-- redis@2.8.0
| | +-- double-ended-queue@2.1.0-0
| | +-- redis-commands@1.3.1
| | `-- redis-parser@2.6.0
| `-- haraka-tld@1.0.17
| `-- punycode@2.1.0
`-- haraka-plugin-log-reader@1.0.9
npm WARN enoent ENOENT: no such file or directory, open '/data/package.json'
npm WARN data No description
npm WARN data No repository field.
npm WARN data No README data
npm WARN data No license field.
*** installing Haraka, stage 2 ***
jexec stage haraka -i /data
create: /data/plugins
create: /data/docs
create: /data/config
create: /data/config/smtp.ini
create: /data/config/log.ini
create: /data/config/plugins
create: /data/config/dkim
create: /data/config/dkim/dkim_key_gen.sh
*** configuring Haraka ***
*** adding limit plugin ***
cp /jails/stage/usr/local/lib/node_modules/Haraka/node_modules/haraka-plugin-limit/config/limit.ini /data/haraka/config/limit.ini
*** enable logging to syslog ***
[log]
file=/var/log/maillog
[general]
always_ok=true
mail.info /var/log/maillog
#*.* @syslog
*** config SMTP AUTH using vpopmaild ***
*** enabling vpopmaild plugin ***
*** configure smtp forward to vpopmail jail ***
host=172.16.15.8
port=25
*** config recipient validation with Qmail::Deliverable ***
check_outbound=true
host=172.16.15.8
*** enabling qmail-deliverable plugin ***
*** configuring dnsbls ***
reject=false
search=all
enable_stats=false
zones=b.barracudacentral.org, truncate.gbudb.net, psbl.surriel.com, bl.spamcop.net, dnsbl-1.uceprotect.net, zen.spamhaus.org, dnsbl.sorbs.net, dnsbl.justspam.org
reject=no
*** enable Haraka HTTP server ***
listen=[::0]:80
*** enable TLS encryption ***
*** installing TLS certificate ***
*** enabling dkim_sign plugin ***
disabled=false
*** generating DKIM keys ***
Generating RSA private key, 2048 bit long modulus
...........................+++
.....+++
e is 65537 (0x10001)
writing RSA key
Add this TXT record to the barontel.com DNS zone.
oct2017._domainkey IN TXT v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW/vINxiVS1aV+V7BOGR2FifdQv+FnNBxB5TfbL20VebgX46bLXSs/p+bzfKRgLh0TfrWZsPNLFc5v3pp8L1wCqkfcxAyRROWtDAQmXcDe2swfJrX9Meklqmn6OFWk2ucKkycSGhqJ/S4SVVO7869fb1aBa28ROTYBGmsW3CF/clR4PVAPt598Lztjsj07yxY0pBb8NDuCNzsbt3g9GnO/Ep0SLXbW9fonFnFRYSXMDT8WBHMi9ntc31LJHDZr7lneQnstGugboigXcPN9v3Bap57oNRWSysREjSBeGiKQoi2cfK3ZX2SCEquTikv3dvhNonx7Q/3FzOWSZXmCfnFwIDAQAB
BIND zone file formatted:
oct2017._domainkey IN TXT (
"v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW/vINxiVS1aV+V7BOGR2FifdQv+FnNBxB5TfbL20VebgX46bLXSs/p+"
"bzfKRgLh0TfrWZsPNLFc5v3pp8L1wCqkfcxAyRROWtDAQmXcDe2swfJrX9Meklqmn6OFWk2ucKkycSGhqJ/S4SVVO7869fb1aBa28ROTYBGmsW"
"3CF/clR4PVAPt598Lztjsj07yxY0pBb8NDuCNzsbt3g9GnO/Ep0SLXbW9fonFnFRYSXMDT8WBHMi9ntc31LJHDZr7lneQnstGugboigXcPN9v3"
"Bap57oNRWSysREjSBeGiKQoi2cfK3ZX2SCEquTikv3dvhNonx7Q/3FzOWSZXmCfnFwIDAQAB"
)
Tell the world that the ONLY mail servers that send mail from this domain are DKIM signed and/or bear our MX and A records.
With SPF:
SPF "v=spf1 mx a -all"
TXT "v=spf1 mx a -all"
With DMARC:
_dmarc TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@barontel.com; ruf=mailto:dmarc-feedback@barontel.com; pct=100"
For more information about DKIM and SPF policy, the documentation within each plugin contains a longer discussion and links to more detailed information:
haraka -h dkim_sign
haraka -h spf
*** NOTICE: action required for DKIM validation. See message ^^^ ***
*** install p0f ***
pkg -j stage install -y p0f
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
p0f: 3.09b
Number of packages to be installed: 1
[haraka] [1/1] Installing p0f-3.09b...
[haraka] [1/1] Extracting p0f-3.09b: 100%
*** installing p0f startup file ***
sysrc -R /jails/stage p0f_enable=YES
p0f_enable: -> YES
jexec stage service p0f start
Starting p0f.
--- p0f 3.09b by Michal Zalewski <lcamtuf@coredump.cx> ---
[!] Consider specifying -u in daemon mode (see README).
[+] Loaded 322 signatures from '/usr/local/etc/p0f.fp'.
[+] Intercepting traffic on interface 'em0'.
[+] Custom filtering rule enabled: dst port 25 or dst port 587 or dst port 465 [+VLAN]
[+] Listening on API socket '/tmp/.p0f_socket' (max 20 clients).
[+] Daemon process created, PID 38376 (stderr not kept).
Good luck, you're on your own now!
[main]
socket_path=/tmp/.p0f_socket
*** enable Haraka p0f plugin ***
*** enabling Haraka spamassassin plugin ***
*** configuring Haraka spamassassin plugin ***
spamd_socket=172.16.15.6:783
old_headers_action=rename
spamd_user=first-recipient
reject_threshold=10
relay_reject_threshold=7
*** configure Haraka rspamd plugin ***
host = 172.16.15.13
add_headers = always
*** enabling rspamd plugin ***
*** zroot/data/clamav filesystem exists ***
*** enabling Haraka clamav plugin ***
*** configure Haraka clamav plugin ***
clamd_socket=172.16.15.5:3310
[reject]
virus=true
error=false
DetectBrokenExecutables=false
Structured=false
ArchiveBlockEncrypted=false
PUA=false
OLE2=false
Safebrowsing=false
UNOFFICIAL=false
Phishing=false
*** zroot/data/avg filesystem exists ***
*** configuring Haraka avg plugin ***
host = 172.16.15.14
tmpdir=/data/avg/spool
*** enabling avg plugin ***
*** enabling watch plugin ***
*** configuring karma plugin ***
[redis]
dbid=1
server_ip=172.16.15.16
[deny_excludes]
plugins=send_email, access, helo.checks, data.headers, mail_from.is_resolvable, avg, limit, attachment, tls
*** enabling redis plugin ***
redis
configuring redis plugin
[server]
host=172.16.15.16
; port=6379
db=3
*** enabling geoip distance ***
calc_distance=true
[asn]
report_as=connect.asn
*** enable haproxy support ***
172.16.15.12
*** disabling HELO rejections ***
[reject]
mismatch=false
valid_hostname=false
*** rejecting brutefore AUTH signature ***
ylmf\-pc
*** cleaning up results ***
[connect.fcrdns]
hide=ptr_names,ptr_name_to_ip,ptr_name_has_ips,ptr_multidomain,has_rdns
[data.headers]
order=fail,pass,msg
[data.uribl]
hide=skip
[dnsbl]
hide=pass
[rcpt_to.qmail_deliverable]
order=fail,pass,msg
*** configuring haraka.log rotation ***
sysrc -R /jails/stage newsyslog_enable=YES
newsyslog_enable: NO -> YES
/var/log/haraka.log 644 7 * @T00 JC
*** whitelisting the staging IP ***
172.16.15.11
172.16.15.254
*** configuring DCC ***
[dccifd]
host=172.16.15.48
port=1025
*** zroot/data/geoip filesystem exists ***
*** enabling Haraka geoip plugin ***
*** starting haraka ***
sysrc -R /jails/stage haraka_enable=YES
haraka_enable: -> YES
haraka_flags: -> -c /data
jexec stage service haraka start
loaded TLD files: 1=1544 2=6156 3=2246
loaded 8357 Public Suffixes
#On side note, when building the new MT6 today, there was no /data/haraka/* ... it was brand new FreeBSD 11 VM created.
s571
commented
7 years ago in /data/haraka did; mv config config-old sudo sh . mail-toaster.sh provision base provision haraka
at end it gets as far as:
sysrc -R /jails/stage haraka_enable=YES haraka_enable: -> YES haraka_flags: -> -c /data jexec stage service haraka start loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes #
msimerson
commented
7 years ago root@vmware:~ # jls
JID IP Address Hostname Path
1 172.16.15.3 dns /jails/dns
2 172.16.15.4 mysql /jails/mysql
3 172.16.15.16 redis /jails/redis
4 172.16.15.8 vpopmail /jails/vpopmail
5 172.16.15.15 dovecot /jails/dovecot
6 172.16.15.5 clamav /jails/clamav
7 172.16.15.48 dcc /jails/dcc
8 172.16.15.13 rspamd /jails/rspamd
9 172.16.15.17 geoip /jails/geoip
11 172.16.15.10 webmail /jails/webmail
12 172.16.15.12 haproxy /jails/haproxy
13 172.16.15.33 roundcube /jails/roundcube
14 172.16.15.35 rainloop /jails/rainloop
15 172.16.15.34 squirrelmail /jails/squirrelmail
16 172.16.15.11 monitor /jails/monitor
18 172.16.15.9 haraka /jails/haraka
root@vmware:~ # service jail stop haraka; zfs destroy zroot/jails/haraka; zfs destroy zroot/jails/haraka.last; zfs destroy zroot/data/haraka
Stopping jails: haraka.
# . mail-toaster.sh
loading mail-toaster.conf
mysql enabled
toaster host: vmware.imac27.simerson.net
email domain: vmware.imac27.simerson.net
IPv6 jail network: fd7a:e5cd:1fc1:212d:dead:beef:cafe
shell: /usr/local/bin/bash
safe name: stage
# cat mail-toaster.conf
export TOASTER_ORG_NAME="Sparky the Toaster"
export TOASTER_HOSTNAME="vmware.imac27.simerson.net"
export TOASTER_MAIL_DOMAIN="vmware.imac27.simerson.net"
export TOASTER_ADMIN_EMAIL="postmaster@vmware.imac27.simerson.net"
export TOASTER_SRC_URL="https://raw.githubusercontent.com/msimerson/Mail-Toaster-6/master"
export JAIL_NET_PREFIX="172.16.15"
export JAIL_NET_MASK="/12"
export JAIL_NET_INTERFACE="lo1"
export JAIL_NET6="fd7a:e5cd:1fc1:212d:dead:beef:cafe"
export ZFS_VOL="zroot"
export ZFS_JAIL_MNT="/jails"
export ZFS_DATA_MNT="/data"
export TOASTER_MYSQL="1"
export TOASTER_MARIADB="0"
export TOASTER_PKG_AUDIT="0"
export SQUIRREL_SQL="1"
# provision haraka
172.16.15.9
provision-haraka.sh 100% of 16 kB 669 kBps 00m00s
loading mail-toaster.conf
mysql enabled
toaster host: vmware.imac27.simerson.net
email domain: vmware.imac27.simerson.net
IPv6 jail network: fd7a:e5cd:1fc1:212d:dead:beef:cafe
shell: /usr/local/bin/bash
safe name: stage
zroot/jails/base-11.1-RELEASE@p1 snapshot exists
*** zroot/data/redis filesystem exists ***
*** stage cleanup ***
service jail stop stage
Stopping jails: stage.
jail -r stage
stage: removed
umount /jails/stage/dev
unmount /jails/stage/usr/ports
unmount /jails/stage/var/cache/pkg
*** zroot/data/haraka filesystem exists ***
/data/haraka on /jails/stage/data (nullfs, local)
unmount data fs /jails/stage/data
*** zroot/data/geoip filesystem exists ***
/data/geoip on /jails/stage/usr/local/share/GeoIP (nullfs, local)
unmount data fs /jails/stage/usr/local/share/GeoIP
*** zroot/jails/stage filesystem exists ***
zfs destroy -f zroot/jails/stage
*** stage jail filesystem setup ***
zfs clone zroot/jails/base-11.1-RELEASE@p1 zroot/jails/stage
sysrc -R /jails/stage hostname=haraka
hostname: base -> haraka
ip6.addr is already declared in haraka
*** zroot/data/haraka filesystem exists ***
*** zroot/data/haraka filesystem exists ***
mkdir -p /jails/stage/data
mount_nullfs /data/haraka /jails/stage/data
mount /jails/stage/usr/ports
mount /jails/stage/var/cache/pkg
*** devfs BPF ruleset already present ***
*** stage jail haraka startup ***
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
32-bit compatibility ldconfig path: /usr/lib32
Setting hostname: haraka.
Starting syslogd.
Clearing /tmp (X related).
Starting cron.
Sun Oct 1 20:30:31 PDT 2017
*** zroot/data/geoip filesystem exists ***
mkdir -p /jails/stage/usr/local/share/GeoIP
mount_nullfs /data/geoip /jails/stage/usr/local/share/GeoIP
Updating FreeBSD repository catalogue...
[haraka] Fetching meta.txz: 100% 944 B 0.9kB/s 00:01
[haraka] Fetching packagesite.txz: 100% 6 MiB 1.5MB/s 00:04
Processing entries: 100%
FreeBSD repository update completed. 26965 packages processed.
All repositories are up to date.
*** installing node & npm ***
pkg -j stage install -y node6 npm3 gmake
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 10 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
node6: 6.11.3_1
npm3: 3.10.10_2
gmake: 4.2.1_1
c-ares: 1.12.0_2
libuv: 1.14.1
icu: 59.1,1
python27: 2.7.14
readline: 7.0.3
libffi: 3.2.1_1
python2: 2_3
Number of packages to be installed: 10
The process will require 148 MiB more space.
[haraka] [1/10] Installing readline-7.0.3...
[haraka] [1/10] Extracting readline-7.0.3: 100%
[haraka] [2/10] Installing libffi-3.2.1_1...
[haraka] [2/10] Extracting libffi-3.2.1_1: 100%
[haraka] [3/10] Installing c-ares-1.12.0_2...
[haraka] [3/10] Extracting c-ares-1.12.0_2: 100%
[haraka] [4/10] Installing libuv-1.14.1...
[haraka] [4/10] Extracting libuv-1.14.1: 100%
[haraka] [5/10] Installing icu-59.1,1...
[haraka] [5/10] Extracting icu-59.1,1: 100%
[haraka] [6/10] Installing python27-2.7.14...
[haraka] [6/10] Extracting python27-2.7.14: 100%
[haraka] [7/10] Installing node6-6.11.3_1...
[haraka] [7/10] Extracting node6-6.11.3_1: 100%
[haraka] [8/10] Installing gmake-4.2.1_1...
[haraka] [8/10] Extracting gmake-4.2.1_1: 100%
[haraka] [9/10] Installing python2-2_3...
[haraka] [9/10] Extracting python2-2_3: 100%
[haraka] [10/10] Installing npm3-3.10.10_2...
[haraka] [10/10] Extracting npm3-3.10.10_2: 100%
Message from python27-2.7.14:
===========================================================================
Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:
bsddb databases/py-bsddb
gdbm databases/py-gdbm
sqlite3 databases/py-sqlite3
tkinter x11-toolkits/py-tkinter
===========================================================================
Message from node6-6.11.3_1:
Note: If you need npm (Node Package Manager), please install the npm3
package, or build any of the www/npm* ports with the NODE6 option enabled.
*** installing Haraka ***
jexec stage pkg install -y git-lite
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 5 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
git-lite: 2.14.1
expat: 2.2.1
curl: 7.55.1
libnghttp2: 1.26.0
pcre: 8.40_1
Number of packages to be installed: 5
The process will require 33 MiB more space.
[haraka] [1/5] Installing libnghttp2-1.26.0...
[haraka] [1/5] Extracting libnghttp2-1.26.0: 100%
[haraka] [2/5] Installing expat-2.2.1...
[haraka] [2/5] Extracting expat-2.2.1: 100%
[haraka] [3/5] Installing curl-7.55.1...
[haraka] [3/5] Extracting curl-7.55.1: 100%
[haraka] [4/5] Installing pcre-8.40_1...
[haraka] [4/5] Extracting pcre-8.40_1: 100%
[haraka] [5/5] Installing git-lite-2.14.1...
===> Creating groups.
Creating group 'git_daemon' with gid '964'.
===> Creating users
Creating user 'git_daemon' with uid '964'.
[haraka] [5/5] Extracting git-lite-2.14.1: 100%
Message from git-lite-2.14.1:
------------------------------------------------------------------------
*************************** GITWEB *************************************
If you installed the GITWEB option please follow these instructions:
In the directory /usr/local/share/examples/git/gitweb you can find all files to
make gitweb work as a public repository on the web.
All you have to do to make gitweb work is:
1) Copy the files /usr/local/share/examples/git/gitweb/* to a directory on
your web server (e.g. Apache2) in which you are able to execute
CGI-scripts.
2) In gitweb.cgi, adjust the variable $projectroot to point to
your git repository (that is where you have your *.git project
directories).
*************************** GITWEB *************************************
*************************** CONTRIB ************************************
If you installed the CONTRIB option please note that the scripts are
installed in /usr/local/share/git-core/contrib. Some of them require
other ports to be installed (perl, python, etc), which you may need to
install manually.
*************************** CONTRIB ************************************
------------------------------------------------------------------------
jexec stage npm install --production -g haraka/Haraka ws express
/usr/local/bin/spf -> /usr/local/lib/node_modules/Haraka/bin/spf
/usr/local/bin/haraka -> /usr/local/lib/node_modules/Haraka/bin/haraka
/usr/local/bin/dkimverify -> /usr/local/lib/node_modules/Haraka/bin/dkimverify
/usr/local/bin/haraka_grep -> /usr/local/lib/node_modules/Haraka/bin/haraka_grep
> dtrace-provider@0.8.5 install /usr/local/lib/node_modules/Haraka/node_modules/bunyan/node_modules/dtrace-provider
> node scripts/install.js
---------------
Building dtrace-provider failed with exit code 1 and signal 0
re-run install with environment variable V set to see the build output
---------------
> dtrace-provider@0.7.1 install /usr/local/lib/node_modules/Haraka/node_modules/dtrace-provider
> node scripts/install.js
> modern-syslog@1.1.4 install /usr/local/lib/node_modules/Haraka/node_modules/modern-syslog
> node-gyp rebuild
gyp WARN EACCES user "root" does not have permission to access the dev dir "/root/.node-gyp/6.11.3"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/usr/local/lib/node_modules/Haraka/node_modules/modern-syslog/.node-gyp"
gmake: Entering directory '/usr/local/lib/node_modules/Haraka/node_modules/modern-syslog/build'
CXX(target) Release/obj.target/core/core.o
SOLINK_MODULE(target) Release/obj.target/core.node
COPY Release/core.node
gmake: Leaving directory '/usr/local/lib/node_modules/Haraka/node_modules/modern-syslog/build'
> iconv@2.3.0 install /usr/local/lib/node_modules/Haraka/node_modules/iconv
> node-gyp rebuild
gyp WARN EACCES user "root" does not have permission to access the dev dir "/root/.node-gyp/6.11.3"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/usr/local/lib/node_modules/Haraka/node_modules/iconv/.node-gyp"
gmake: Entering directory '/usr/local/lib/node_modules/Haraka/node_modules/iconv/build'
CXX(target) Release/obj.target/iconv/src/binding.o
CC(target) Release/obj.target/iconv/deps/libiconv/lib/iconv.o
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:212:
../deps/libiconv/lib/jisx0208.h:2380:12: warning: comparison of unsigned expression
>= 0 is always true [-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0100)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:213:
../deps/libiconv/lib/jisx0212.h:2160:12: warning: comparison of unsigned expression
>= 0 is always true [-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0460)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:216:
../deps/libiconv/lib/gb2312.h:2538:12: warning: comparison of unsigned expression >=
0 is always true [-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0460)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:217:
In file included from ../deps/libiconv/lib/isoir165.h:80:
../deps/libiconv/lib/isoir165ext.h:759:12: warning: comparison of unsigned expression
>= 0 is always true [-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0200)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:220:
In file included from ../deps/libiconv/lib/cns11643.h:37:
../deps/libiconv/lib/cns11643_inv.h:15372:12: warning: comparison of unsigned
expression >= 0 is always true [-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0100)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:221:
../deps/libiconv/lib/big5.h:4123:12: warning: comparison of unsigned expression >= 0
is always true [-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0100)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:223:
../deps/libiconv/lib/ksc5601.h:2987:12: warning: comparison of unsigned expression >=
0 is always true [-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x0460)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:239:
In file included from ../deps/libiconv/lib/gb18030.h:185:
../deps/libiconv/lib/gb18030uni.h:184:23: warning: comparison of unsigned expression
>= 0 is always true [-Wtautological-compare]
if (i >= 0 && i <= 39419) {
~ ^ ~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:239:
../deps/libiconv/lib/gb18030.h:248:25: warning: comparison of unsigned expression >=
0 is always true [-Wtautological-compare]
if (i >= 0 && i < 0x100000) {
~ ^ ~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:245:
In file included from ../deps/libiconv/lib/cp950.h:129:
../deps/libiconv/lib/cp950ext.h:38:11: warning: equality comparison with extraneous
parentheses [-Wparentheses-equality]
if ((c1 == 0xf9)) {
~~~^~~~~~~
../deps/libiconv/lib/cp950ext.h:38:11: note: remove extraneous parentheses around the
comparison to silence this warning
if ((c1 == 0xf9)) {
~ ^ ~
../deps/libiconv/lib/cp950ext.h:38:11: note: use '=' to turn this equality comparison
into an assignment
if ((c1 == 0xf9)) {
^~
=
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:246:
In file included from ../deps/libiconv/lib/big5hkscs1999.h:45:
../deps/libiconv/lib/hkscs1999.h:2956:12: warning: comparison of unsigned expression
>= 0 is always true [-Wtautological-compare]
if (wc >= 0x0000 && wc < 0x02d0)
~~ ^ ~~~~~~
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:247:
In file included from ../deps/libiconv/lib/big5hkscs2001.h:47:
../deps/libiconv/lib/hkscs2001.h:62:11: warning: equality comparison with extraneous
parentheses [-Wparentheses-equality]
if ((c1 == 0x8c)) {
~~~^~~~~~~
../deps/libiconv/lib/hkscs2001.h:62:11: note: remove extraneous parentheses around
the comparison to silence this warning
if ((c1 == 0x8c)) {
~ ^ ~
../deps/libiconv/lib/hkscs2001.h:62:11: note: use '=' to turn this equality
comparison into an assignment
if ((c1 == 0x8c)) {
^~
=
In file included from ../deps/libiconv/lib/iconv.c:71:
In file included from ../deps/libiconv/lib/converters.h:249:
In file included from ../deps/libiconv/lib/big5hkscs2008.h:47:
../deps/libiconv/lib/hkscs2008.h:58:11: warning: equality comparison with extraneous
parentheses [-Wparentheses-equality]
if ((c1 == 0x87)) {
~~~^~~~~~~
../deps/libiconv/lib/hkscs2008.h:58:11: note: remove extraneous parentheses around
the comparison to silence this warning
if ((c1 == 0x87)) {
~ ^ ~
../deps/libiconv/lib/hkscs2008.h:58:11: note: use '=' to turn this equality
comparison into an assignment
if ((c1 == 0x87)) {
^~
=
In file included from ../deps/libiconv/lib/iconv.c:154:
lib/aliases.gperf:288:28: warning: static variable 'aliases' is used in an inline
function with external linkage [-Wstatic-in-inline]
register int o = aliases[key].name;
^
lib/aliases.gperf:274:1: note: use 'static' to give inline function 'aliases_lookup'
internal linkage
__inline
^
static
lib/aliases.gperf:781:27: note: 'aliases' declared here
static const struct alias aliases[] =
^
lib/aliases.gperf:291:44: warning: static variable 'stringpool_contents' is used in
an inline function with external linkage [-Wstatic-in-inline]
register const char *s = o + stringpool;
^
lib/aliases.gperf:779:37: note: expanded from macro 'stringpool'
#define stringpool ((const char *) &stringpool_contents)
^
lib/aliases.gperf:274:1: note: use 'static' to give inline function 'aliases_lookup'
internal linkage
__inline
^
static
lib/aliases.gperf:427:34: note: 'stringpool_contents' declared here
static const struct stringpool_t stringpool_contents =
^
lib/aliases.gperf:294:25: warning: static variable 'aliases' is used in an inline
function with external linkage [-Wstatic-in-inline]
return &aliases[key];
^
lib/aliases.gperf:274:1: note: use 'static' to give inline function 'aliases_lookup'
internal linkage
__inline
^
static
lib/aliases.gperf:781:27: note: 'aliases' declared here
static const struct alias aliases[] =
^
16 warnings generated.
CC(target) Release/obj.target/iconv/support/localcharset.o
SOLINK_MODULE(target) Release/obj.target/iconv.node
COPY Release/iconv.node
gmake: Leaving directory '/usr/local/lib/node_modules/Haraka/node_modules/iconv/build'
/usr/local/lib
+-- express@4.16.1
| +-- accepts@1.3.4
| | +-- mime-types@2.1.17
| | | `-- mime-db@1.30.0
| | `-- negotiator@0.6.1
| +-- array-flatten@1.1.1
| +-- body-parser@1.18.2
| | +-- bytes@3.0.0
| | +-- http-errors@1.6.2
| | | +-- inherits@2.0.3
| | | `-- setprototypeof@1.0.3
| | +-- iconv-lite@0.4.19
| | `-- raw-body@2.3.2
| +-- content-disposition@0.5.2
| +-- content-type@1.0.4
| +-- cookie@0.3.1
| +-- cookie-signature@1.0.6
| +-- debug@2.6.9
| | `-- ms@2.0.0
| +-- depd@1.1.1
| +-- encodeurl@1.0.1
| +-- escape-html@1.0.3
| +-- etag@1.8.1
| +-- finalhandler@1.1.0
| | `-- unpipe@1.0.0
| +-- fresh@0.5.2
| +-- merge-descriptors@1.0.1
| +-- methods@1.1.2
| +-- on-finished@2.3.0
| | `-- ee-first@1.1.1
| +-- parseurl@1.3.2
| +-- path-to-regexp@0.1.7
| +-- proxy-addr@2.0.2
| | +-- forwarded@0.1.2
| | `-- ipaddr.js@1.5.2
| +-- qs@6.5.1
| +-- range-parser@1.2.0
| +-- safe-buffer@5.1.1
| +-- send@0.16.1
| | +-- destroy@1.0.4
| | `-- mime@1.4.1
| +-- serve-static@1.13.1
| +-- setprototypeof@1.1.0
| +-- statuses@1.3.1
| +-- type-is@1.6.15
| | `-- media-typer@0.3.0
| +-- utils-merge@1.0.1
| `-- vary@1.1.2
`-- Haraka@2.8.16 (git://github.com/haraka/Haraka.git#0c8ae994127b9cd68e2dad1370634c69f2cccc57)
+-- address-rfc2821@1.1.2
| `-- punycode@2.1.0
+-- address-rfc2822@2.0.1
| `-- email-addresses@3.0.1
+-- async@2.5.0
| `-- lodash@4.17.4
+-- daemon@1.1.0
+-- generic-pool@2.5.4
+-- haraka-config@1.0.15
| `-- js-yaml@3.10.0
| +-- argparse@1.0.9
| | `-- sprintf-js@1.0.3
| `-- esprima@4.0.0
+-- haraka-constants@1.0.5
+-- haraka-dsn@1.0.2
+-- haraka-net-utils@1.0.10
| +-- openssl-wrapper@0.3.4
| `-- vs-stun@0.0.7
+-- haraka-notes@1.0.2
+-- haraka-plugin-access@1.0.0
+-- haraka-plugin-asn@1.0.7
| `-- maxmind@0.6.0
+-- haraka-plugin-dcc@1.0.1
+-- haraka-plugin-elasticsearch@1.0.3
| `-- elasticsearch@13.3.1
| +-- agentkeepalive@2.2.0
| +-- chalk@1.1.3
| | +-- ansi-styles@2.2.1
| | +-- escape-string-regexp@1.0.5
| | +-- has-ansi@2.0.0
| | | `-- ansi-regex@2.1.1
| | +-- strip-ansi@3.0.1
| | `-- supports-color@2.0.0
| +-- lodash@2.4.2
| +-- lodash.get@4.4.2
| +-- lodash.isempty@4.4.0
| `-- lodash.trimend@4.5.1
+-- haraka-plugin-fcrdns@1.0.2
+-- haraka-plugin-geoip@1.0.5
| `-- maxmind@2.2.0
| +-- big-integer@1.6.25
| `-- lru-cache@4.1.1
| +-- pseudomap@1.0.2
| `-- yallist@2.1.2
+-- haraka-plugin-karma@1.0.10
+-- haraka-plugin-limit@1.0.4
+-- haraka-plugin-p0f@1.0.2
+-- haraka-plugin-qmail-deliverable@1.0.3
+-- haraka-plugin-recipient-routes@1.0.1
| `-- url@0.11.0
| +-- punycode@1.3.2
| `-- querystring@0.2.0
+-- haraka-plugin-redis@1.0.7
+-- haraka-plugin-rspamd@1.0.0
+-- haraka-plugin-syslog@1.0.3
| `-- modern-syslog@1.1.4
+-- haraka-plugin-watch@1.0.12
| `-- ws@3.2.0
| +-- async-limiter@1.0.0
| +-- safe-buffer@5.1.1
| `-- ultron@1.1.0
+-- haraka-results@2.0.2
+-- haraka-tld@1.0.17
+-- haraka-utils@1.0.1
+-- iconv@2.3.0
| `-- nan@2.7.0
+-- ipaddr.js@1.5.2
+-- ldapjs@1.0.1
| +-- asn1@0.2.3
| +-- assert-plus@1.0.0
| +-- backoff@2.5.0
| | `-- precond@0.2.3
| +-- bunyan@1.8.12
| | +-- dtrace-provider@0.8.5
| | +-- moment@2.18.1
| | +-- mv@2.1.1
| | | +-- ncp@2.0.0
| | | `-- rimraf@2.4.5
| | | `-- glob@6.0.4
| | | +-- inflight@1.0.6
| | | +-- minimatch@3.0.4
| | | | `-- brace-expansion@1.1.8
| | | | +-- balanced-match@1.0.0
| | | | `-- concat-map@0.0.1
| | | `-- path-is-absolute@1.0.1
| | `-- safe-json-stringify@1.0.4
| +-- dashdash@1.14.1
| +-- dtrace-provider@0.7.1
| +-- ldap-filter@0.2.2
| | `-- assert-plus@0.1.5
| +-- once@1.4.0
| | `-- wrappy@1.0.2
| +-- vasync@1.6.4
| | `-- verror@1.6.0
| `-- verror@1.10.0
| +-- core-util-is@1.0.2
| `-- extsprintf@1.2.0
+-- mkdirp@0.5.1
| `-- minimist@0.0.8
+-- nopt@4.0.1
| +-- abbrev@1.1.1
| `-- osenv@0.1.4
| `-- os-homedir@1.0.2
+-- npid@0.4.0
+-- ocsp@1.2.0
| +-- asn1.js@4.9.1
| | +-- bn.js@4.11.8
| | +-- inherits@2.0.3
| | `-- minimalistic-assert@1.0.0
| +-- asn1.js-rfc2560@4.0.5
| +-- asn1.js-rfc5280@2.0.0
| +-- async@1.5.2
| `-- simple-lru-cache@0.0.2
+-- redis@2.8.0
| +-- double-ended-queue@2.1.0-0
| +-- redis-commands@1.3.1
| `-- redis-parser@2.6.0
+-- semver@5.4.1
+-- sprintf-js@1.1.1
`-- tmp@0.0.33
`-- os-tmpdir@1.0.2
jexec stage bash -c cd /data && npm install --production haraka-plugin-log-reader haraka-plugin-known-senders haraka-plugin-aliases
/data
+-- haraka-plugin-aliases@1.0.0
| `-- address-rfc2821@1.1.2
| `-- punycode@2.1.0
+-- haraka-plugin-known-senders@1.0.3
| +-- haraka-plugin-redis@1.0.7
| | `-- redis@2.8.0
| | +-- double-ended-queue@2.1.0-0
| | +-- redis-commands@1.3.1
| | `-- redis-parser@2.6.0
| `-- haraka-tld@1.0.17
`-- haraka-plugin-log-reader@1.0.9
npm WARN enoent ENOENT: no such file or directory, open '/data/package.json'
npm WARN data No description
npm WARN data No repository field.
npm WARN data No README data
npm WARN data No license field.
*** installing Haraka, stage 2 ***
jexec stage haraka -i /data
create: /data/plugins
create: /data/docs
create: /data/config
create: /data/config/smtp.ini
create: /data/config/log.ini
create: /data/config/plugins
create: /data/config/dkim
create: /data/config/dkim/dkim_key_gen.sh
*** configuring Haraka ***
*** adding limit plugin ***
cp /jails/stage/usr/local/lib/node_modules/Haraka/node_modules/haraka-plugin-limit/config/limit.ini /data/haraka/config/limit.ini
*** enable logging to syslog ***
[log]
file=/var/log/maillog
[general]
always_ok=true
mail.info /var/log/maillog
#*.* @syslog
*** config SMTP AUTH using vpopmaild ***
*** enabling vpopmaild plugin ***
*** configure smtp forward to vpopmail jail ***
host=172.16.15.8
port=25
*** config recipient validation with Qmail::Deliverable ***
check_outbound=true
host=172.16.15.8
*** enabling qmail-deliverable plugin ***
*** configuring dnsbls ***
reject=false
search=all
enable_stats=false
zones=b.barracudacentral.org, truncate.gbudb.net, psbl.surriel.com, bl.spamcop.net, dnsbl-1.uceprotect.net, zen.spamhaus.org, dnsbl.sorbs.net, dnsbl.justspam.org
reject=no
*** enable Haraka HTTP server ***
listen=[::0]:80
*** enable TLS encryption ***
*** installing TLS certificate ***
*** enabling dkim_sign plugin ***
disabled=false
*** generating DKIM keys ***
Generating RSA private key, 2048 bit long modulus
............................................................+++
......................+++
e is 65537 (0x10001)
writing RSA key
Add this TXT record to the vmware.imac27.simerson.net DNS zone.
oct2017._domainkey IN TXT v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLs7w15FCshxr7o6GMsj7vK6grZy5iiL8rUZB/hPobv0F0DclAvuoYxmQQ0T/o1A3nBSCj1Ir0C+rnNKrVz0QmGjhsh3N4HRX1WcNLyDr7xr6PTbfgzP8uCaP4mujmFuL/unBs/HtI+h1RDAZVAkznwn1Y8H1U3KrI2ZXSjm7mNLndBzbnHhgtY3b0DpOrmwdHvev7wUIup8Am0kj8tZHHZiXv1ceP2JYmeVhnQZwM+cp/70Tq0T+lrv/q/PDt7kqCh2lq5gaKHnaG3luc5tbwgBtg93o5hwGIzni2f4HjKdmBmCZ5Ck2oo1kBzUfLN7P65axUOQVCnuMGYWQdqQ/wIDAQAB
BIND zone file formatted:
oct2017._domainkey IN TXT (
"v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLs7w15FCshxr7o6GMsj7vK6grZy5iiL8rUZB/hPobv0F0DclAvuoYxm"
"QQ0T/o1A3nBSCj1Ir0C+rnNKrVz0QmGjhsh3N4HRX1WcNLyDr7xr6PTbfgzP8uCaP4mujmFuL/unBs/HtI+h1RDAZVAkznwn1Y8H1U3KrI2ZXS"
"jm7mNLndBzbnHhgtY3b0DpOrmwdHvev7wUIup8Am0kj8tZHHZiXv1ceP2JYmeVhnQZwM+cp/70Tq0T+lrv/q/PDt7kqCh2lq5gaKHnaG3luc5t"
"bwgBtg93o5hwGIzni2f4HjKdmBmCZ5Ck2oo1kBzUfLN7P65axUOQVCnuMGYWQdqQ/wIDAQAB"
)
Tell the world that the ONLY mail servers that send mail from this domain are DKIM signed and/or bear our MX and A records.
With SPF:
SPF "v=spf1 mx a -all"
TXT "v=spf1 mx a -all"
With DMARC:
_dmarc TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@vmware.imac27.simerson.net; ruf=mailto:dmarc-feedback@vmware.imac27.simerson.net; pct=100"
For more information about DKIM and SPF policy, the documentation within each plugin contains a longer discussion and links to more detailed information:
haraka -h dkim_sign
haraka -h spf
*** NOTICE: action required for DKIM validation. See message ^^^ ***
*** install p0f ***
pkg -j stage install -y p0f
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
p0f: 3.09b
Number of packages to be installed: 1
[haraka] [1/1] Installing p0f-3.09b...
[haraka] [1/1] Extracting p0f-3.09b: 100%
*** installing p0f startup file ***
sysrc -R /jails/stage p0f_enable=YES
p0f_enable: -> YES
jexec stage service p0f start
Starting p0f.
--- p0f 3.09b by Michal Zalewski <lcamtuf@coredump.cx> ---
[!] Consider specifying -u in daemon mode (see README).
[+] Loaded 322 signatures from '/usr/local/etc/p0f.fp'.
[+] Intercepting traffic on interface 'em0'.
[+] Custom filtering rule enabled: dst port 25 or dst port 587 or dst port 465 [+VLAN]
[+] Listening on API socket '/tmp/.p0f_socket' (max 20 clients).
[+] Daemon process created, PID 8719 (stderr not kept).
Good luck, you're on your own now!
[main]
socket_path=/tmp/.p0f_socket
*** enable Haraka p0f plugin ***
*** skipping spamassassin setup, no jail exists ***
*** configure Haraka rspamd plugin ***
host = 172.16.15.13
add_headers = always
*** enabling rspamd plugin ***
*** zroot/data/clamav filesystem exists ***
*** enabling Haraka clamav plugin ***
*** configure Haraka clamav plugin ***
clamd_socket=172.16.15.5:3310
[reject]
virus=true
error=false
DetectBrokenExecutables=false
Structured=false
ArchiveBlockEncrypted=false
PUA=false
OLE2=false
Safebrowsing=false
UNOFFICIAL=false
Phishing=false
*** zroot/data/avg filesystem exists ***
*** configuring Haraka avg plugin ***
host = 172.16.15.14
tmpdir=/data/avg/spool
*** enabling avg plugin ***
*** enabling watch plugin ***
*** configuring karma plugin ***
[redis]
dbid=1
server_ip=172.16.15.16
[deny_excludes]
plugins=send_email, access, helo.checks, data.headers, mail_from.is_resolvable, avg, limit, attachment, tls
*** enabling redis plugin ***
redis
configuring redis plugin
[server]
host=172.16.15.16
; port=6379
db=3
*** enabling geoip distance ***
calc_distance=true
[asn]
report_as=connect.asn
*** enable haproxy support ***
172.16.15.12
*** disabling HELO rejections ***
[reject]
mismatch=false
valid_hostname=false
*** rejecting brutefore AUTH signature ***
ylmf\-pc
*** cleaning up results ***
[connect.fcrdns]
hide=ptr_names,ptr_name_to_ip,ptr_name_has_ips,ptr_multidomain,has_rdns
[data.headers]
order=fail,pass,msg
[data.uribl]
hide=skip
[dnsbl]
hide=pass
[rcpt_to.qmail_deliverable]
order=fail,pass,msg
*** configuring haraka.log rotation ***
sysrc -R /jails/stage newsyslog_enable=YES
newsyslog_enable: NO -> YES
/var/log/haraka.log 644 7 * @T00 JC
*** whitelisting the staging IP ***
172.16.15.11
172.16.15.254
*** configuring DCC ***
[dccifd]
host=172.16.15.48
port=1025
*** zroot/data/geoip filesystem exists ***
*** enabling Haraka geoip plugin ***
*** starting haraka ***
sysrc -R /jails/stage haraka_enable=YES
haraka_enable: -> YES
haraka_flags: -> -c /data
jexec stage service haraka start
loaded TLD files: 1=1544 2=6156 3=2246
loaded 8357 Public Suffixes
*** testing Haraka ***
checking for port 25 listener in staged jail
checking port 25
checking port 25
Success! Port 25 is listening in staging jail
*** promoting jail haraka ***
service jail stop stage
Stopping jails: stage.
jail -r stage
stage: removed
nameserver 172.16.15.3
umount /jails/stage/dev
unmount /jails/stage/usr/ports
unmount /jails/stage/var/cache/pkg
*** zroot/data/haraka filesystem exists ***
/data/haraka on /jails/stage/data (nullfs, local)
unmount data fs /jails/stage/data
*** zroot/data/geoip filesystem exists ***
/data/geoip on /jails/stage/usr/local/share/GeoIP (nullfs, local)
unmount data fs /jails/stage/usr/local/share/GeoIP
zfs rename zroot/jails/stage zroot/jails/haraka.ready
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (0)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (1)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (2)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (3)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (4)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (5)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (6)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (7)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (8)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (9)
cannot unmount '/jails/stage': Device busy
waiting for ZFS filesystem to quiet (10)
cannot unmount '/jails/stage': Device busy
trying to force rename
waiting for ZFS filesystem to quiet (11)
service jail stop haraka
Stopping jails:.
jail -r haraka
*** zroot/data/haraka filesystem exists ***
zfs rename zroot/jails/haraka.ready zroot/jails/haraka
*** haraka already in /etc/jail.conf ***
*** service jail start haraka ***
Starting jails: haraka.
Success! A new 'haraka' jail is provisioned
[root@vmware ~/builds/eb3c86ec/0/msimerson/Mail-Toaster-6]# jexec haraka sockstat
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root node 9295 3 stream -> ??
root node 9295 124 dgram -> /var/run/logpriv
root node 9295 125 stream-> /tmp/.p0f_socket
root node 9295 126 tcp4 172.16.15.9:56465 172.16.15.16:6379
root node 9295 127 tcp4 172.16.15.9:26846 172.16.15.16:6379
root node 9295 128 tcp4 172.16.15.9:17975 172.16.15.16:6379
root node 9294 3 stream -> ??
root node 9294 124 dgram -> /var/run/logpriv
root node 9294 125 stream-> /tmp/.p0f_socket
root node 9294 126 tcp4 172.16.15.9:11439 172.16.15.16:6379
root node 9294 127 tcp4 172.16.15.9:31171 172.16.15.16:6379
root node 9294 128 tcp4 172.16.15.9:20298 172.16.15.16:6379
root cron 9250 4 dgram -> /var/run/logpriv
root syslogd 9200 4 dgram /var/run/log
root syslogd 9200 5 dgram /var/run/logpriv
root syslogd 9200 6 udp6 fd7a:e5cd:1fc1:8cf8:dead:beef:cafe:9:514 *:*
root syslogd 9200 7 udp4 172.16.15.9:514 *:*
root node 9192 93 dgram -> /var/run/logpriv
root node 9192 95 stream -> /tmp/.p0f_socket
root node 9192 96 tcp4 172.16.15.9:19998 172.16.15.16:6379
root node 9192 97 tcp4 172.16.15.9:18641 172.16.15.16:6379
root node 9192 98 tcp4 172.16.15.9:15094 172.16.15.16:6379
root node 9192 100 stream-> ??
root node 9192 101 stream-> ??
root node 9192 102 tcp46 *:25 *:*
root node 9192 103 tcp46 *:465 *:*
root node 9192 104 tcp46 *:587 *:*
root node 9192 105 tcp46 *:80 *:*
root p0f 9189 4 stream /tmp/.p0f_socket
root p0f 9189 5 stream /tmp/.p0f_socket
root p0f 9189 6 stream /tmp/.p0f_socket
root p0f 9189 7 stream /tmp/.p0f_socket
? ? ? ? tcp4 172.16.15.9:20365 172.16.15.16:6379
? ? ? ? tcp4 172.16.15.9:22457 172.16.15.16:6379
? ? ? ? tcp4 172.16.15.9:41173 172.16.15.16:6379
[root@vmware ~/builds/eb3c86ec/0/msimerson/Mail-Toaster-6]# nc haraka 25
220 null ESMTP Haraka 2.8.16 ready
ehlo vmware
250-null Hello haraka [172.16.15.9], Haraka is at your service.
250-PIPELINING
250-8BITMIME
250-SMTPUTF8
250-SIZE 0
250 STARTTLS
quit
221 null closing connection. Have a jolly good day.
#Looking at /jails/haraka/var/log/haraka.log .....
loaded 8357 Public Suffixes loaded 8357 Public Suffixes Reloading file: /data/config/dhparams.pem Reloading file: /data/config/dhparams.pem Reloading file: /data/config/dhparams.pem Reloading file: /data/config/dhparams.pem Reloading file: /data/config/dhparams.pem Reloading file: /data/config/dhparams.pem loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes
Is it reading /data/config ??
Trying what you suggested mv config config-old in original MT6... getting further.....
Starting jails: haraka.
Success! A new 'haraka' jail is provisioned
Haraka still not running.,
loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded TLD files: 1=1544 2=6156 3=2246 loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes loaded 8357 Public Suffixes
s571
commented
7 years ago Old MT6 updated. haraka says its running but there is no 'haraka haraka' in mail log. Send mail to check-auth which checks spf/dkim and the mail appears to get into system but doesn't get delivered. Still NOT using original /data/haraka/config. It's using the config installed during provision haraka
Oct 2 00:50:09 rspamd rspamd[22412]: <81dcc2>; task; rspamd_task_write_log: id: 1506919800-896104@verifier.port25.com, qid: <2EE4AA6D-7837-4397-BDAA-C3792148C570.1>, ip: 38.95.177.125, from: auth-results@verifier.port25.com, (default: F (no action): [-0.75/15.00] [DMARC_POLICY_ALLOW(-0.25){port25.com;none;},R_DKIM_ALLOW(-0.20){port25.com;},R_SPF_ALLOW(-0.20){+a;},MIME_GOOD(-0.10){text/plain;},ARC_NA(0.00){},ASN(0.00){asn:174, ipnet:38.95.177.0/24, country:US;},FROM_EQ_ENVFROM(0.00){},FROM_NO_DN(0.00){},MID_RHS_MATCH_FROM(0.00){},PREVIOUSLY_DELIVERED(0.00){user@redacted-domain.com;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_IN_DNSWL_NONE(0.00){125.177.95.38.list.dnswl.org : 127.0.15.0;},RCVD_NO_TLS_LAST(0.00){},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 13507, time: 1163.976ms real, 15.107ms virtual, dns req: 60, digest: <7a2aca7b6bb89b0260836eba68c83a52>, rcpts: user@redacted-domain.com, mime_rcpt: <user@redacted-domain.com .. . . the rest of maillog shows stuff like the following but no haraka haraka
Oct 2 00:50:31 rspamd rspamd[22412]:
s571
commented
7 years ago Entering jail haraka /sbin/mount_nullfs /usr/ports /jails/haraka/usr/ports /sbin/mount_nullfs /var/cache/pkg /jails/haraka/var/cache/pkg 0 problem(s) in the installed packages found.
root@haraka:~ # ps auxw |grep haraka root 23660 0.0 0.0 14796 1600 1 S+J 00:56 0:00.00 grep haraka root@haraka:~ #
msimerson
commented
7 years ago I've seen this happen, but I can't remember what the problem was. It hasn't happened to me in a while.
s571
commented
7 years ago You must have sent something....
:~ # tail -F /var/log/maillog
Oct 2 00:57:56 rspamd rspamd[22411]: <9b3643>; task; accept_socket: accepted connection from 172.16.15.9 port 32772, task ptr: 0000000827684040
Oct 2 00:57:56 rspamd rspamd[22411]: <9b3643>; task; rspamd_message_parse: loaded message; id: msimerson/Mail-Toaster-6/issues/277/333441057@github.com; queue-id:
s571
commented
7 years ago funny, .. look ...
root@haraka:~ # /usr/local/etc/rc.d/haraka status haraka is running as 22843
root@haraka:~ # ps auxw |grep haraka root 23892 0.0 0.0 14796 1608 1 S+J 01:01 0:00.00 grep haraka
s571
commented
7 years ago You must be close to my age. you might want to start thinking 3 x 1000mg salmon oil pills in AM. It takes 3-4 months but will help your memory. No bs.
s571
commented
7 years ago In something like this, would it be easier for you to just ssh in? If so, put your public ssh keys here
s571
commented
7 years ago Trying 172.16.15.9... Connected to haraka. Escape character is '^]'. 220 null ESMTP Haraka 2.8.16 ready
it answers but its not working?? What am I missing?
s571
commented
7 years ago Going to attempt to build fresh MT6 just to see if haraka shows in maillog. Got to get MT6 working. We will loose the few clients we have left if not.
msimerson
commented
7 years ago How do you know it's not working? If it answers, try sending a message and see what happens.
s571
commented
7 years ago The mail you sent it was not received my thunderbird. I have send numerous emails to check-auth@verifier.port25.com it will reply almost immediately. I saw it come in, but there is no 'haraka haraka' lines in /var/log/maillog.
Can't login to webmail either... Connection to storage server failed.
I see the update changed /etc/pf.conf and I have added back the ip's to the table
s571
commented
7 years ago Sent email from within the MT server. Does say configuration error below.
Oct 2 02:01:17 mxbt1 sendmail[10022]: v9261Hsu010022: from=root, size=46, class=0, nrcpts=1, msgid=201710020601.v9261Hsu010022@mxbt1.redacted-domain.com, relay=root@localhost Oct 2 02:01:17 mxbt1 sm-mta[10023]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256 Oct 2 02:01:17 mxbt1 sendmail[10022]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256 Oct 2 02:01:17 mxbt1 sm-mta[10023]: v9261HqC010023: from=root@mxbt1.redacted-domain.com, size=375, class=0, nrcpts=1, msgid=201710020601.v9261Hsu010022@mxbt1.redacted-domain.com, proto=ESMTPS, daemon=Daemon0, relay=localhost [127.0.0.1] Oct 2 02:01:17 mxbt1 sendmail[10022]: v9261Hsu010022: to=user@redacted-domain.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30046, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (v9261HqC010023 Message accepted for delivery) Oct 2 02:01:17 mxbt1 sm-mta[10025]: v9261HqC010023: SYSERR(root): MX list for redacted-domain.com. points back to mxbt1.redacted-domain.com Oct 2 02:01:17 mxbt1 sm-mta[10025]: v9261HqC010023: to=user@redacted-domain.com, ctladdr=root@mxbt1.redacted-domain.com (0/0), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=30375, relay=redacted-domain.com., dsn=5.3.5, stat=Local configuration error Oct 2 02:01:17 mxbt1 sm-mta[10025]: v9261HqC010023: v9261HqB010025: DSN: Local configuration error Oct 2 02:01:17 mxbt1 sm-mta[10025]: v9261HqB010025: to=root@mxbt1.redacted-domain.com, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31399, relay=local, dsn=2.0.0, stat=Sent
s571
commented
7 years ago It says sent, but in thunderbird this mail and any mail sent from early AM yesterday is not there. I can send to you because that is another smtp only MT6. But I wont get your reply.
s571
commented
7 years ago Also why is it using sendmail ?
s571
commented
7 years ago Ok i will send from an outside cpanel server to an account on this MT6 and show you the log....
s571
commented
7 years ago Nothing to show, the mail did not get there....
Remote mail server says: 550 [84686C36-4F1@haraka] I cannot deliver mail for .. me.
s571
commented
7 years ago Reporting-MTA: dns; cpan.tier1hosting.net
Action: failed Final-Recipient: rfc822;user@host.redacted-domain.com Status: 5.0.0 Remote-MTA: dns; host.redacted-domain.com Diagnostic-Code: smtp; 550 [84686C36-4F1@haraka] I cannot deliver mail for user@host.redacted-domain.com
Expected behavior
Haraka should be running
Observed behavior
Do not see any error in /var/log/messages
Steps to reproduce
root@haraka:/usr/local/etc/rc.d # ./haraka status haraka is not running
root@haraka:/usr/local/etc/rc.d # ./haraka start loaded TLD files: 1=1544 2=6156 3=2246 loaded 8357 Public Suffixes root@haraka:/usr/local/etc/rc.d # ./haraka status haraka is not running root@haraka:/usr/local/etc/rc.d # exit
Please respond to this ultimatt. Our mail system is down all day. Thank you